Overview
Distinct Network Monitor
is a packet sniffing and network protocol analyzer software that translates
complex protocol negotiation into natural language, pinpointing where errors
occurred. Network Monitor also captures network traffic statistics for the
segment being monitored and provides a graphical representation of the
statistics gathered. This feature may be used together with packet sniffing and
protocol parsing or on its own. Statistics can span most of the network if an
agent (also known as a network probe) is installed on each segment or switch.
Statistics will show the traffic generated to and from all the IP addresses as
well as broadcast and multicast packets. Network Monitor includes parsers for
the most important protocols of the Internet including IP, TCP, UDP, HTTP, SMTP,
FTP, POP3, IMAP, LDAP, H323, SIP and many others. It supports 10/100 Ethernet,
wireless TCP/IP adapters, 4/16 Token Ring cards and PPP connections.
Features
IP Packet Sniffing - made easy
Distinct Network Monitor is a packet capture and network protocol
analyzer software that translates complex protocol negotiation into natural
language, pinpointing where errors occurred. Not only is it easier to use than
other competing products, but it also translates the packet negotiation into
natural language, something no other network protocol analyzer does.

Network Monitor was developed for network professionals who need
to quickly detect network errors rather than wading through pages of
incomprehensible network traffic.
Network Statistics – simple to understand
The Distinct Network Monitor Statistics gathering and analysis
module allows you to get a very good picture of the activity that is going on
for any given network segment monitored. While the Statistics module is fully
integrated in the Distinct Network Monitor, the product provides the ability to
run this module only, allowing it to run for several hours or days gathering the
needed statistics. Following is a brief description of the features provided by
the Network Statistics module:

Top Ten Talkers quickly gives you an idea of which systems are chewing up most bandwidth on the network segment being monitored.

IP traffic drill down by protocol, down to each set of talking pairs. This shows all the systems that any single system is talking to and what protocol is being used.

Statistics by application protocol showing all the talking pairs of systems for each protocol in use.

Network protocols drill down to see which MAC addresses are most active.

Traffic divided by MAC address. This shows the complete activity for each active MAC address including non-IP protocols.

Network Segment Bandwidth Monitor that shows you the bandwidth usage as seen by your NIC.

Adapter Statistics. This reports all the data that is gathered by the NIC driver including collisions, alignment errors, overruns and underruns.

Summary details include number of passthrough packets received from the monitoring system.

Can gather statistics on all traffic in/out of the network if installed on the same hub as the router.

Make use of Filters to search for specific problems. For example, filters can be written to capture all broadcast packets going out on the segment. The statistics IP module will quickly identify the origin of the majority of the broadcast packets.

Find out who owns an intruding IP address. The statistics module includes the ability to query the public WhoIs databases for any IP address at the right click of the mouse.

Excellent Reporting. Create HTML reports to easily go through and analyze the statistics gathered.

Network Traffic analysis – easy to read
The Distinct Network Monitoring packet sniffing and decode
capabilities are very far reaching. The product offers a high degree of
flexibility and provides you with the ability to selectively narrow down problem
areas. In summary Distinct Network Monitor:
Captures network traffic and interprets the network packet trace in plain English. For example, whereas a leading high-end network analyzer parsed a Telnet packet as follows:

0000: ff fd 18 ff fd 1f ff fd 23 ff fd 27 ff fd 24

Distinct Network Monitor parsed the same packet negotiation by indicating exactly the Telnet options being negotiated:

TELNET Do Terminal Type Do Window Size Do X Display Location Do New Environment Option Do Environment Option

and gave a detailed description of each option request.

Allows you to customize which IP header fields you wish to display in the packet trace summary window. Since the physical size of your computer screen has its limitations, Distinct Network Monitor allows you to display the IP headers that are most important to your specific needs. Just right click your mouse to choose the headers you want to see.

Moves from one protocol error to the next protocol error fast. A menu item allows you to quickly scan through all the errors that are in any given trace without having to look through the whole file.

Modify and resend any packet in a trace file. Distinct Network Monitor allows you to modify and resend on the network any packet that is in a given trace file. This feature is very useful for software developers working with proprietary protocols or developing applications that rely on specific protocols.

Imports packet trace files taken with other network analyzers and views them in Distinct’s plain English format.

Exports packet trace to csv or text format. This allows you to make use of the data gathered right in your application. Packet header information may be exported in a comma separated format (CSV) for use with Excel or imported into a database. Complete packet information which includes protocol details may be exported to a text file (TXT).

Works over serial line. Network Monitor works over a PPP connection. Use it to find out who is intruding on your PPP connection.

Has advanced filtering capabilities. It allows you to filter at any level. You may filter the capture itself to avoid the collection of unnecessary packets and reduce the size of your capture. You may also filter a captured file and save the packets filtered to a new, smaller, more manageable file.

Has a remote IP sniffing capability through its Agents. Distinct Network Monitor comes with one Remote Agent (also known as a network probe) and additional Agents may be purchased to allow the remote monitoring of systems when needed.

Has Search capabilities. Network Monitor searches for any string within a captured network trace.

Saves the network packet trace in MergeDPM supported format.

Supports a wide range of protocols that is constantly expanding. Network Monitor includes parsers for the most important protocols of the Internet including IP, TCP, UDP, HTTP, SMTP, FTP, POP3, IMAP, LDAP, VoIP, H323, SIP and many others. If you are interested in seeing a protocol parsed that is not in our current list, just send us a request. We will see what we can do to add this.

Allows you to add your own parser.

Includes several utilities such as Ping, Traceroute, WhoIs, Local scan for port status and TCP Port Scan.
All IP Traffic
When viewing the All IP Traffic
window you will see a graph showing the top 10 talkers in the top window. The
bottom window lists all the IP addresses that are active on this network
segment. Next to each IP address you will see:

The IP type – this may be L for local subnet, 0 for outside of this subnet, B for broadcast and M for multicast.
The system name
The number of bytes/packets sent by the system
The number of bytes/packets received by the system
The total number of bytes/packets sent and received by the system.

Talkers
To get more
detailed information about the traffic for a particular IP address you need
to click on that address. This will show you a detailed breakdown of the
different protocols that the particular system has received or sent.
To find out which systems this particular IP address has been communicating
with for any of the listed protocols, click on the protocol. This will show
you the complete list of IP addresses that the system has been talking to,
showing the bytes and packets sent and received.
To go back one level just click on the little blue arrow button in the
toolbar or right-click the mouse button to select Go Back.
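
The per-address totals and the protocol drill-down described above, as an added example that is not part of the product: the packet records and the 192.168.1.0/24 monitored subnet are constructed, and the function names are illustrative assumptions.

```python
# Added example: per-IP traffic totals and talker drill-down from packet headers.
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed monitored subnet
# Constructed sample records: (source IP, destination IP, protocol, bytes).
PACKETS = [
    ("192.168.1.10", "192.168.1.20", "HTTP", 1500),
    ("192.168.1.20", "192.168.1.10", "HTTP", 400),
    ("192.168.1.10", "203.0.113.5", "SMTP", 900),
    ("192.168.1.30", "192.168.1.255", "UDP", 120),
    ("192.168.1.30", "224.0.0.251", "UDP", 80),
    ("203.0.113.5", "192.168.1.10", "SMTP", 300),
]

def ip_type(addr):
    """Classify an address the way the All IP Traffic view labels it."""
    ip = ipaddress.ip_address(addr)
    if ip == LOCAL_NET.broadcast_address or addr == "255.255.255.255":
        return "broadcast"
    if ip.is_multicast:
        return "multicast"
    return "local" if ip in LOCAL_NET else "outside"

def totals(packets):
    """Map each IP address to [bytes sent, bytes received]."""
    stats = defaultdict(lambda: [0, 0])
    for src, dst, _proto, size in packets:
        stats[src][0] += size
        stats[dst][1] += size
    return stats

def top_talkers(packets, n=10):
    """Rows of (ip, type, sent, received, total), busiest address first."""
    stats = totals(packets)
    ranked = sorted(stats, key=lambda ip: sum(stats[ip]), reverse=True)
    return [(ip, ip_type(ip), *stats[ip], sum(stats[ip])) for ip in ranked[:n]]

def peers(packets, ip, protocol):
    """Drill-down: {peer: [bytes ip sent to peer, bytes ip received from peer]}."""
    out = defaultdict(lambda: [0, 0])
    for src, dst, proto, size in packets:
        if proto == protocol and src == ip:
            out[dst][0] += size
        elif proto == protocol and dst == ip:
            out[src][1] += size
    return dict(out)
```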
WhoIs
We have built in automated
WhoIs queries for you to quickly find out who is the registered owner of any
particular IP address or domain name that one of your systems is talking to.
To find this out, position your mouse on the IP address in question, click
the right mouse button and choose WhoIs. This will display the
registration information for the particular IP and the name of the WhoIs
server that was queried for the information.
Note:
If the system listed is not on the same hub, the traffic numbers do not
indicate the total traffic for that system, but just the traffic created
between it and other systems on the hub or switch being monitored.
Application Protocols
This displays the traffic
distribution by protocol for all traffic that was captured through the
specified system.
It shows the list of application protocols showing how many bytes/packets
were sent and received for each protocol. Protocols are identified by port
number.
To view which IP addresses generated the packets for a particular protocol,
click on the protocol name in the first column. This will show the list of
IP addresses that generated the traffic and the IP addresses that they were
communicating with. To move back one level click on the left arrow button in
the toolbar or right-click the mouse button to choose Go Back.
Network Protocols
This section shows the list of
level three protocols such as IP and NetBEUI, showing the total number of
bytes and packets transmitted for each one. To find out which systems
generated the packets for a specific protocol, click on the protocol. This
will provide a list of all the local MAC addresses involved in the traffic
generation. Note that all packets that are received from outside the subnet
will show up as being sent by the router and all packets being sent outside
of the subnet will show up as being sent to the router.
IP Protocols
This section lists the IP
protocols and the total number of bytes and packets transmitted for each
one.
MAC Traffic
This section shows the list of
MAC addresses that are active on the local subnet where the monitor is
running. For each hardware address the following are displayed:

IP address
Bytes Sent
Bytes Received
Total Bytes
Packets Sent
Packets Received
Total Packets

This includes all packets
whether IP or otherwise that are over Ethernet or Token Ring and may include
packets that are not parsed by the Network Monitor.
To get more detailed information on the traffic generated to and from a
particular hardware address, click on it. You will see a list of protocols,
ports and the number of bytes and packets sent and received. To go back one
level click the left arrow.
Bandwidth
This shows bandwidth usage over the specified time
period using the number of samples specified. The time period and sample size
are defined by selecting the Statistics option in the Configure menu.
Packet Statistics
This section provides an analysis of Packet
size distribution showing the number of packets transmitted in various size
ranges.
Adapter Statistics
This window shows all the statistics that
were reported by the NIC driver for the duration of the capture. The statistics
displayed depend on the NIC driver. The errors shown here give you an idea on
the state of the network segment being monitored.
General Statistics
The following gives an explanation of each statistic in this category. If the NIC driver does not return the statistic, you will see n/a in the list.

Frames not transmitted or transmitted with errors shows the total number of packets transmitted with errors during the time that the network trace was on.

Frames received with errors shows the total number of packets received with errors during the time that the network trace was on.

Frames Missed, No Buffers shows the total number of packets that the NIC cannot receive due to lack of NIC receive buffer space.

Frames received with CRC or FCS errors are the packets received with cyclic redundancy check (CRC) or frame check sequence (FCS) error.

Directed frames/bytes transmitted without errors are the total number of packets that were transmitted directed to a specific IP address.

Multicast frames/bytes transmitted without errors are the total number of multicast packets transmitted with no errors. A multicast packet contains a multicast group address in the destination address field of the IP header. Although there may be thousands of intended recipients, only one copy of a packet is generated at source, unlike a unicast packet, which would generate a copy for each recipient.

Broadcast frames/bytes transmitted without errors are the total number of broadcast packets transmitted with no errors.

Directed frames/bytes received without errors are the total number of packets received with the destination IP address in the header.

Multicast frames/bytes received without errors are the total number of multicast packets received with no errors.

Broadcast frames/bytes received without errors are the total number of broadcast packets received with no errors.

Length of transmit queue specifies the number of packets that are currently queued for transmission, on the NIC or in the driver's internal queue.

Ethernet Statistics
The following describes what each Ethernet statistic reported means. If the NIC driver does not return the statistic, you will see n/a in the list.

Frames received with alignment errors are the total number of packets received with alignment errors. Alignment errors usually occur when large amounts of data are transferred. Their presence usually indicates an error in the NIC board settings for FIFO threshold.

Frames transmitted with one collision are the total number of packets that are involved in a single collision and subsequently successfully transmitted. Their presence indicates that the network has light to moderate traffic. If this number exceeds 2% of the total transmit packets, this generally means overutilization of the network and is likely to affect the adapter performance.

Frames transmitted with more than one collision are the total number of packets involved in multiple collisions but which are subsequently transmitted successfully.

Frames not received due to overrun are the total number of packets that were not received due to an overrun condition. This error may be caused by a receive threshold that is too high.

Frames not transmitted due to underrun are the total number of packets that were not transmitted due to an underrun condition on the NIC.

Frames transmitted with heartbeat failure are the total number of frames successfully transmitted without detection of the collision-detect heartbeat.

Times carrier sense signal loss during transmission are the number of times that the carrier sense signal was lost during transmission.

Late Collisions Detected are the number of collisions detected after the normal window.

The Summary lists the statistics recorded during
the session and shows whether the Network Monitor driver dropped any packets.
Creating Reports
To create a report of the statistics for a
particular capture, select Statistics from the Reports menu and then select the
format for your report. You may save the report as an HTML document or in CSV
format if you intend to import the data into a database.